Release notes - Guardium Insights Version 3.2.5

IBM Security Guardium Insights is a hybrid cloud data security hub that helps you improve visibility into user data activity and risk. Guardium Insights helps you protect data more efficiently, enhance information technology flexibility, and reduce operational costs as you embrace new business paradigms (such as moving data to the cloud). Guardium Insights helps reduce the cost and complexity related to collecting, managing, and retaining data security and compliance data. It provides new analytics to enhance threat investigations - and it provides quick reporting functionality (including pre-built reports). Risk scoring and alerting in Guardium Insights help you prioritize your activities.

IBM Security Guardium Insights is a powerful tool that can help you secure your data. Simple to use, Guardium Insights allows you to set up connections to your data sources.

Guardium Insights provides tools to help you analyze data:

Outlier mining: Detecting anomalies in activities and exceptions.
Risk events: Identifying assets at risk using broad data points.
Reports: Dive into the raw data for deep investigation.

Download Guardium Insights v3.2.5
Install Guardium Insights v3.2.5
Guardium Insights v3.2.x release notes
Bug and security fixes in Guardium Insights v3.2.5
- Bug fixes
- Security fixes
Known limitations and workarounds for Guardium Insights v3.2.5
Resources

Download Guardium Insights v3.2.5

Guardium Insights V3.2.5 can be downloaded as an archive file (2.2.5.tar.gz) from: https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-guardium-insights

You can install only the products for which your site is entitled.

For further instructions, read the README.md file located after unzipping the latest tar file.

The Quick Start Guide for this offering is available at Passport Advantage (https://www.ibm.com/software/passportadvantage) (search for Part Number “M07QWML”).

Install Guardium Insights v3.2.5

Before installing Guardium Insights, review the system requirements: http://ibm.com/docs/SSWSZ5_3.2.x/sys_req.html

Important: As of Version 3.2.5, Guardium Insights now checks for multiple tenants before allowing the product to be patched (see this fix). If you have multiple tenants present when patching the product, the patch will fail. You can determine the number of tenants and remove invalid ones by following these instructions:

Determine the number of tenants on the system by running the count_tenants.sh script that is located in the ibm-guardium-insights/inventory/install/files/support/ bundle:
```
./count_tenants.sh <hostname> <admin_user_id> <admin_password>
```
If the above script returns echo "Successful tenant check", there are no extra tenants and you can proceed with patching the product.
If the script returns Failed, multiple tenants on system, you will need to delete invalid tenants. To determine all of the tenants that are running on the system, run the get_tenants.sh script:
```
./get_tenants.sh <hostname> <admin_user_id> <admin_password>
```
Use the list of returned tenants to determine which are invalid and can be removed - and then delete each invalid tenant using this command:
```
./delete_tenant.sh <hostname> <admin_user_id> <admin_password> <tenant_id>
```
To verify that you can now install the patch, you can run count_tenants.sh again and confirm that you receive the echo "Successful tenant check" message.

This offering is deployed as a new installation of Guardium Insights – or as an in-place upgrade. Please follow these instructions:

Prepare for installing: http://ibm.com/docs/SSWSZ5_3.2.x/install_prep_insights.html
Install Guardium Insights: http://ibm.com/docs/SSWSZ5_3.2.x/install.html
Upgrade process: http://ibm.com/docs/SSWSZ5_3.2.x/install_insights_update.html

Note: Support for Red Hat® OpenShift® Container Platform Version 4.8.x is now deprecated. Guardium Insights supports OpenShift Container Platform Version 4.10.x and 4.12.x.

Guardium Insights v3.2.x release notes

Bug and security fixes in Guardium Insights v3.2.5

Table 1. Bug fixes
Issue key	Description
INS-25337	PostgreSQL (Postgres) AWS universal connector connections are created and show as healthy, but then change to unhealthy after a few hours.
INS-26152	The UTC offset is always null for universal connector data. As a result, outliers are not calculated for current universal connector data.
INS-27446	An exception is flagged for a healthy universal connector connection: `Exception in thread "main" com.ibm.guardium.ucbootstrap.Exceptions.NoCertificatesException: Client certificates are not found exception.`
INS-27700	When patching Guardium Insights, ensure that only one tenant is present.
INS-28138	Reports do not work in a Guardium Insights Version 3.2.2 environment.

Security fixes

Table 2. Security fixes
Issue key	Vulnerability ID
INS-26293	CVE-2022-34917
INS-26725	CVE-2022-46175
INS-26726	CVE-2022-40897
INS-28243	CVE-2023-25194
INS-28244	CVE-2023-23931 CVE-2020-25659
INS-28245	CVE-2023-25577 CVE-2023-23934

Known limitations and workarounds for Guardium Insights v3.2.5

This patch of Guardium Insights carries forward the known limitations and workarounds from Guardium Insights Version 3.2. You can find the list of limitations in the release notes for that version.

In addition, this patch includes this known limitation:

Table 3. Known limitations and workarounds for Guardium Insights v3.2.5
Issue key	Description
INS-25447	Cannot restore a backup of Guardium Insights Version 3.2.0 to Version 3.2.x. Workaround: Restore the backup to Version 3.2.0 and then upgrade Guardium Insights from Version 3.2.0 to 3.2.x.
INS-28227	During an upgrade of Guardium Insights, data ingestion should be halted or kept to a minimum. This is due to a change in the Db2® operator.
INS-28766	Guardium Insights fails to install from a macOS terminal. Workaround: Run the script from a Red Hat Enterprise Linux® terminal, or `ssh` into the cluster and then run the air gap process from the terminal of the cluster.
INS-28841	Db2 version update does not allow a restore from previous version. Workaround: Perform a full backup after upgrade is complete. If you have not performed a full backup and have an incremental backup scheduled, a full backup of Db2 will be automatically performed instead of the scheduled incremental backup.
INS-29331	In rare cases, there are Db2 errors for services such as the reports and risk services. These may prevent report execution or risk event generation. When this occurs, these errors are seen in the logs for the related service: `SQLCODE=-1803, SQLSTATE=57056, SQLERRMC=NULLID.SYSSN200 0X5359534C564C3031, DRIVER=4.26.14 SQLCODE=-901, SQLSTATE=58004, SQLERRMC=Plan/Environment mismatch!, DRIVER=4.26.14` Workaround: See Db2 errors for reports and risk services.
INS-29634	The Guardium Insights restore process fails if you have previously restored a backup. Workaround: This occurs because the restore process attempts to write to the restore.* files from the previous restore process. To work around this issue, move these restore.* files outside of the folder before attempting to restore - or change the permissions to `777`.
INS-29711	When Db2 is upgraded as part of the update process, if the upgrade requires a large amount of time (which it may if there is a large amount of data inside Db2), the `risk-analytics-controller` service may attempt to connect to Db2 before it is ready, and then fail. If this happens, the `risk-analytics-controller` logs will report Db2 errors containing `ERRORCODE=-4499, SQLSTATE=08001` and the service will not try to reconnect to Db2 once it is available. Workaround: Once the Db2 pods have started, restart the `risk-analytics-controller` pods to allow them to reconnect.

Resources

IBM Security Guardium Insights documentation: http://ibm.com/docs/SSWSZ5_3.2.x/

System requirements: http://ibm.com/docs/SSWSZ5_3.2.x/sys_req.html

IBM Security Learning Academy: https://www.securitylearningacademy.com